The Mozilla Foundation has fixed approximately 21 flaws in the Firefox Web browser that could be exploited to bypass security restrictions, tamper with sensitive data or conduct cross-site scripting and phishing attacks.
Danish vulnerability clearinghouse Secunia rated the flaws "highly critical" in an advisory Thursday. The firm described the flaws as:
A boundary error in the CSS border rendering implementation that could be exploited to write past the end of an array.
Two errors in the handling of "-moz-grid" and "-moz-grid-group" display styles that could be exploited to execute arbitrary code.
An error in the "InstallTrigger.install()" method that be exploited to cause memory corruption.
An unspecified error that can be exploited to spoof the secure lock icon and the address bar by changing the location of a pop-up window in certain situations.
A condition where it's possible to trick users into downloading malicious files via the "Save image as..." menu option.
An unspecified error can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site via the window.controllers array.
An error in how a certain sequence of HTML tags are processed can be exploited to cause memory corruption.
An error in the "valueOf.call()" and "valueOf.apply()" methods can be exploited to execute arbitrary HTML and script code in a user's browser session.
Errors in the implementation of DHTML can be exploited to cause memory corruption.
An integer overflow error in the processing of the CSS letter-spacing property can be exploited to cause a heap-based buffer overflow.
An error in the way file-upload controls are handled can be exploited to upload arbitrary files from a user's system by dynamically changing a text input box to a file upload control.
An unspecified error in the "crypto.generateCRMFRequest()" method can be exploited to execute arbitrary code.
An error in how scripts in XBL controls are handled can be exploited to gain chrome privileges via the "Print Preview" functionality.
An error in a security check in the "js_ValueToFunctionObject()" method can be exploited to execute arbitrary code via "setTimeout()" and "ForEach."
An error in the interaction between XUL content windows and the history mechanism can be exploited to trick users into interacting with a browser user interface, which is not visible.
Users who update to Firefox versions 1.0.8 or 18.104.22.168 will be protected.
Dig Deeper on Web authentication and access control